Add parent-tunnel byte counters (NPU-offload-accurate)

[maksim-humbility]

Per-Phase-2 (proxyid) incoming_bytes/outgoing_bytes stay at 0 on FortiGate models with NPU offload (default on 60F, 100F, 120G, 200F+) because the hardware bypasses the CPU-side per-SA counters. The /api/v2/monitor/vpn/ipsec response also contains parent-level incoming_bytes/outgoing_bytes that aggregate the NPU hardware counters and are accurate.

Add two new metrics that read those parent-level fields. Existing per-proxyid metrics are kept unchanged for backward compatibility.

Tested in production against 4× FortiGate 120G with NPU offload — parent counters match 'diagnose vpn ipsec tunnel summary' rx/tx values; legacy per-proxyid stays at zero.

Refs: #401

[bastischubert]

this also needs a proper test case, can you add that to the vpn_ipsec_test.go / testdata?

[maksim-humbility]

@bastischubert Added tests for the new metrics in pkg/probe/vpn_ipsec_test.go. Both testdata/ipsec.jsonnet and testdata/ipsec-common-p2.jsonnet already include parent-level incoming_bytes/outgoing_bytes (lines 62-63 and 170-171 respectively), so the existing fixtures fully exercise the new code path.

Updated:

• TestVPNIPSec: parent counters for tunnel_1 (incoming_bytes=14298240, outgoing_bytes=14248560).
• TestVPNIPSecWithCommonP2Names: parent counters for My VPN (incoming_bytes=313018131850, outgoing_bytes=134036710453) — large values, confirms the float64 path through the parser.

Local verification:
% go test ./pkg/probe/ -run TestVPNIPSec -v
=== RUN TestVPNIPSec
--- PASS: TestVPNIPSec (0.00s)
=== RUN TestVPNIPSecWithCommonP2Names
--- PASS: TestVPNIPSecWithCommonP2Names (0.00s)
PASS